XCarnival Hit With $3.8M Exploit

XCarnival is an Ethereum-based protocol that acts as a lending aggregator for NFTs. Recently, XCarnival met with an unfortunate hacker attack that stole $3.8 worth of funds due to an exploit.

Basically, the attacker utilized a smart-contract flaw through which he used the pledged asset as collateral. In this case, he used a Bored Ape Yacht Club NFT as collateral.

According to the data from etherscan, the hacker utilized the exploit multiple times during a short time at 12:03 UTC on June 26. Doing so, he siphoned out 3,087 Ethereum ($3.65 million as of writing).

The company confirmed this incident on their Twitter account, saying:

“XCarnival was attacked on June 26, 2022, and suspended part of the protocol.”

In addition to that, the company said:

“Currently our smart contract has been suspended, and all deposit and borrowing actions are temporarily not supported. Please stay tuned, we will confirm the situation as soon as possible.”

Following the incident, the team of XCcarnival offered a 1,500 ETH bounty to the attacker:

“XCarnival was attacked on June 26, 2022 and suspended part of the protocol. XCarnival officials will give 0xb7CBB4d43F1e08327A90B32A8417688C9D0B800a owner 1500 ETH bounty. At the same time, XCarnival officals explicitly exempt the person from legal action.”

According to Etherscan, the attacker has accepted the offer and transferred 1,467 ETH to the affected wallet.

As of now, the total value locked for the platform stands at 2992.05 ETH for borrows and 3014.69 ETH for supply.

Related Stories:

• Hackers run away with $100 million from Harmony Blockchain
• AscendEX met a hacker attack – Lost $77 million in various blockchains
• Bitmart Exchange loses $200M after Hackers steal Shiba Inu, Saitama
• Hackers hijacked HP Branded Servers, mined $110,000 worth of crypto
• THORChain hit by hackers again, $8 million worth of ETH stolen